[Fedora-livecd-list] Adding files into the CD root file system

Jeremy Katz katzj at redhat.com
Thu Jun 28 21:36:54 UTC 2007


On Thu, 2007-06-28 at 14:08 -0700, Jane Dogalt wrote:
> --- Jeremy Katz <katzj at redhat.com> wrote:
> > On Tue, 2007-06-26 at 08:45 +0200, Alexandre Magaz Graça wrote:
> > > I'm making a LiveCD that I want to autorun (from Windows and Linux) to
> > > open a browser showing some help about how it works. So I added a new
> > > option that lets you add files to the CD root file system.
> > > 
> > > If someone finds it useful, the attached patch adds this option to 
> > > pilgrim. The patch is for the latest git version.
> > 
> > While this is useful, more generally, you may want to add other
> > directories as well.  Or be able to modify the bootloader config.  So I
> > wonder if more accurately what's wanted is really implementing
> > --nochroot for %post from the config.  That way, you could do whatever
> > you want.
> > 
> > The reason against is that it's kind of scary to let an unchroot'd
> > script run when creating live CDs as the config may or may not be
> > trustable.
> 
> Correct me if I'm wrong, but I've always been a bit wary of untrusted
> or possibly buggy scripts running with root privs even under the
> chroot.  The first example that comes to mind is (perhaps historic)
> libselinux stuff doing a call to init (in its %post).  I'm not a
> hardcore cracker, so the only thing that comes to mind is shutting down
> the host build system, but I imagine there are craftier things that
> could be done.  Is this perhaps only relevant if proc and dev are
> mounted under the chroot?

Oh, there are definitely things that can be done as is.  It's more a
matter of what the chances of pain/problems are.

Jeremy
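
The trust concern raised in this thread can be turned into a pre-build review step. The following is an added example, not part of the original message or of the livecd tools: it assumes a kickstart-style config with `%post`, `--nochroot` and `%end`, and the host-reach patterns are a heuristic chosen for illustration.

```python
import re
import shlex

# Section headers of a kickstart-style config (assumed syntax).
SECTION_RE = re.compile(r"^%(post|pre|packages|end)\b(.*)$")
# Heuristic only: commands and paths that reach the build host when a script
# runs as root, even inside the chroot if /proc and /dev are mounted there.
HOST_REACH_RE = re.compile(
    r"/proc/|/dev/(?!null\b)|\b(?:telinit|shutdown|reboot)\b|\binit\s+\d")

def audit_post_sections(config_text):
    """Return one record per %post section for review before a root build."""
    sections, current = [], None
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = SECTION_RE.match(line.strip())
        if m:
            if current is not None:      # any header or %end closes a section
                sections.append(current)
                current = None
            if m.group(1) == "post":
                flags = shlex.split(m.group(2))
                current = {"line": lineno, "nochroot": "--nochroot" in flags,
                           "flagged": []}
        elif current is not None and HOST_REACH_RE.search(line):
            current["flagged"].append((lineno, line.strip()))
    if current is not None:
        sections.append(current)
    return sections

# Constructed sample config; $TARGET_DIR is a hypothetical variable.
SAMPLE = """\
%packages
@base
%post
echo "configured" > /etc/motd
/sbin/init 6
%post --nochroot
cp /srv/help/index.html $TARGET_DIR/
%end
"""

if __name__ == "__main__":
    for s in audit_post_sections(SAMPLE):
        where = "HOST (unchrooted)" if s["nochroot"] else "chroot"
        print(f"%post at line {s['line']}: runs in {where}")
        for lineno, text in s["flagged"]:
            print(f"  line {lineno}: reaches host state: {text}")
```

A clean report does not make a config trustworthy; it only shows which scripts would run outside the chroot and which lines deserve a manual read before building as root.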



